January 2020 - java-sig-commits - Fedora Mailing-Lists

[Bug 1591929] CVE-2018-11039 springframework: Cross Site Tracing (XST) if vulnerable to XSS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1591929 Bug 1591929 depends on bug 1591930, which changed state. Bug 1591930 Summary: CVE-2018-11039 springframework: Cross Site Tracing (XST) if vulnerable to XSS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1591930 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1591930] CVE-2018-11039 springframework: Cross Site Tracing (XST) if vulnerable to XSS [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1591930 Robbie Harwood <rharwood(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |rharwood(a)redhat.com Resolution|--- |WONTFIX Last Closed| |2020-01-24 21:01:58 --- Comment #3 from Robbie Harwood <rharwood(a)redhat.com> --- Package is orphaned. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1578578] CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1578578 Bug 1578578 depends on bug 1578579, which changed state. Bug 1578579 Summary: CVE-2018-1257 springframework: spring-framework: ReDoS Attack with spring-messaging [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1578579 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1578579] CVE-2018-1257 springframework: spring-framework: ReDoS Attack with spring-messaging [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1578579 Robbie Harwood <rharwood(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |rharwood(a)redhat.com Resolution|--- |WONTFIX Last Closed| |2020-01-24 21:01:48 --- Comment #3 from Robbie Harwood <rharwood(a)redhat.com> --- Package is orphaned. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1410481] CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1410481 Bug 1410481 depends on bug 1710644, which changed state. Bug 1710644 Summary: CVE-2017-2582 picketlink: picketlink, keycloak: SAML request parser replaces special strings with system properties [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1710644 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1710644] New: CVE-2017-2582 picketlink: picketlink, keycloak: SAML request parser replaces special strings with system properties [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1710644 Bug ID: 1710644 Summary: CVE-2017-2582 picketlink: picketlink, keycloak: SAML request parser replaces special strings with system properties [fedora-all] Product: Fedora Version: 30 Status: NEW Component: picketlink Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: puntogil(a)libero.it Reporter: jpadman(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, mgoldman(a)redhat.com, puntogil(a)libero.it Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
3
0 / 0

[Bug 1709380] New: CVE-2018-20200 okhttp: certificate pinning bypass [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1709380 Bug ID: 1709380 Summary: CVE-2018-20200 okhttp: certificate pinning bypass [fedora-all] Product: Fedora Version: 30 Status: NEW Component: okhttp Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: puntogil(a)libero.it Reporter: msiddiqu(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: gerard(a)ryan.lt, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, puntogil(a)libero.it Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
3
0 / 0

[Bug 1639090] CVE-2018-11796 tika: Incomplete fix allows for XML entity expansion resulting in denial of service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1639090 Bug 1639090 depends on bug 1639092, which changed state. Bug 1639092 Summary: CVE-2018-11796 tika: Incomplete fix allows for XML entity expansion resulting in denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1639092 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1639092] CVE-2018-11796 tika: Incomplete fix allows for XML entity expansion resulting in denial of service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1639092 Robbie Harwood <rharwood(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |rharwood(a)redhat.com Resolution|--- |WONTFIX Last Closed| |2020-01-24 21:01:06 --- Comment #3 from Robbie Harwood <rharwood(a)redhat.com> --- Package is orphaned. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

[Bug 1632469] CVE-2018-11762 tika: Zip Slip vulnerability in tika-app

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1632469 Bug 1632469 depends on bug 1632470, which changed state. Bug 1632470 Summary: CVE-2018-11762 tika: Zip Slip vulnerability in tika-app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1632470 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits January 2020